mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-12-30 11:34:33 +00:00
131 lines
4.1 KiB
JSON
131 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2014-2251",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2014-03-16T14:06:45.867",
|
|
"lastModified": "2024-11-21T02:05:56.067",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El generador de n\u00fameros aleatorios en dispositivos de Siemens SIMATIC S7-1500 CPU PLC con firmware anterior a 1.5.0 no tiene suficiente entrop\u00eda, lo que facilita a atacantes remotos derrotar mecanismos de protecci\u00f3n criptogr\u00e1ficos y secuestrar sesiones a trav\u00e9s de vectores no especificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
|
|
"baseScore": 8.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 8.5,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.1.2",
|
|
"matchCriteriaId": "1F9DE401-8833-4BBC-A9F9-6275484C932C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "00673095-ABE2-44E9-B032-3C0D9FD4DADC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7034B3A-0E68-46CB-B481-A644CAF26855"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABE40AA5-31F1-42E7-9C96-EB0812EA699D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
],
|
|
"evaluatorComment": "CWE-331: Insufficient Entropy"
|
|
} |